The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Poppler: assertion error via Object::dictLookup()

Synthesis of the vulnerability 

An attacker can force an assertion error via Object::dictLookup() of Poppler, in order to trigger a denial of service.
Vulnerable systems: Debian, Fedora, Solaris, RHEL, Ubuntu.
Severity of this threat: 2/4.
Creation date: 22/01/2019.
References of this weakness: bulletinapr2019, CVE-2018-20650, DLA-1939-1, DLA-2440-1, FEDORA-2019-40f4af0687, FEDORA-2019-7ff7f5093e, FEDORA-2019-b0bd3c604a, RHSA-2019:2022-01, RHSA-2019:2713-01, USN-3865-1, VIGILANCE-VUL-28328.

Description of the vulnerability 

An attacker can force an assertion error via Object::dictLookup() of Poppler, in order to trigger a denial of service.

This security bulletin impacts software or systems such as Debian, Fedora, Solaris, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity announcement is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Debian 8: new poppler packages.
New packages are available:
  Debian 8: poppler 0.26.5-2+deb8u11

Debian 9: new poppler packages.
New packages are available:
  Debian 9: poppler 0.48.0-2+deb9u4

Fedora 28: new poppler packages.
New packages are available:
  Fedora 28: poppler 0.62.0-14.fc28

Fedora 29: new mingw-poppler packages.
New packages are available:
  Fedora 29: mingw-poppler 0.67.0-3.fc29

Fedora 29: new poppler packages.
New packages are available:
  Fedora 29: poppler 0.67.0-10.fc29

Oracle Solaris: patch for third party software of April 2019 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RHEL 7: new poppler packages.
New packages are available:
  RHEL 7: poppler 0.26.5-38.el7

RHEL 8.0: new poppler packages.
New packages are available:
  RHEL 8: poppler 0.66.0-11.el8_0.12

Ubuntu: new poppler packages.
New packages are available:
  Ubuntu 18.10: libpoppler79 0.68.0-0ubuntu1.4, poppler-utils 0.68.0-0ubuntu1.4
  Ubuntu 18.04 LTS: libpoppler73 0.62.0-2ubuntu2.6, poppler-utils 0.62.0-2ubuntu2.6
  Ubuntu 16.04 LTS: libpoppler58 0.41.0-0ubuntu1.11, poppler-utils 0.41.0-0ubuntu1.11
  Ubuntu 14.04 LTS: libpoppler44 0.24.5-2ubuntu4.15, poppler-utils 0.24.5-2ubuntu4.15